How to Identify a Phishing Email

Geraldine Strawbridge is a graduate from the University of Glasgow. As the Editor of Cyber Radio, Geraldine is focused on delivering the latest cyber security news whilst making cyber security more relatable to people in their everyday lives.

How to Identify a Phishing Email

Phishing is one of the oldest scams in the book, and it continues to prove one of the most successful ways to defraud people due to its simplicity, effectiveness and high return on investment.

91%of all cyber-attacks can be traced back to a phishing email, and the online scam works by tricking people into disclosing sensitive information or downloading malicious malware onto their computer.

The most common type of phishing scam involves tricking people into opening emails or clicking on a link which may appear to come from a legitimate business or reputable source.

The email will be carefully designed to trick the recipient into entering confidential information such as an account number, password, or date of birth by clicking on a link. The email may also include an attachment that once opened will directly infect a computer with malware.

The fraudsters will then use this stolen data to commit identity fraud, open bank accounts, apply for loans, or they may simply cut their losses and sell it on to another criminal third party.

What are the warning signs?

Identifying a phishing email has become a lot harder than it used to be as criminals have become more advanced and deceptive in their attack methods.

Phishing emails are designed to look genuine and will appear to come from a big brand that we know and trust.

The much-publicised Nigerian phishing scam has taken the back seat, and the phishing emails that we are seeing today are increasingly well written, personalised, and contain spoofed logos that make it difficult to distinguish between an official email or a phishing email designed to con us.

Despite the increasing sophistication of these emails, there are often subtle signs we can look out for that may point to the presence of a dodgy phishing email.

1. A mismatched URL
If you receive a suspicious email in your inbox, one of the first things to check is the validity of the URL. The best way to do this is to however your mouse over the link without clicking on it, you will then see the full address appear. Despite seeming perfectly legitimate, if the link in the email is different to the address displayed, it’s a sure sign that it’s a phishing site and you should stay well clear.

2. A Generic Greeting
Phishing emails typically use generic greetings such as ‘Dear valued customer’, ‘Dear Account Holder’, or ‘Dear member’. If you were dealing with a legitimate company that you do business with on a regular basis, they would know your name, and use this in all official correspondence.

3. A request for personal information
If you receive an email asking for personal information such as an account number, password, pin or security questions, there’s a good chance it’s a phishing email and should be immediately deleted. A reputable company will never ask for this information to be sent via email or updated by clicking on a link.

4. Poor spelling and grammar
One of the easiest ways to detect a phishing email is by the way it’s written. Criminals tend not to spend too much time focusing on the spelling and grammar of an email, but it can be these small grammatical errors that give the game away. Legitimate companies will tend to have all their copy proof read so if you spot any spelling mistakes within an email, it’s unlikely to have come from an official organisation and should be treated with suspicion.

5. Threatening or urgent language
The most frequently clicked phishing emails will contain urgent calls to action that will rush people into clicking on a link. The criminals know exactly how to manipulate people and instil a sense of fear to ensure a quick response. Always be cautious of subject lines that claim ‘your account has been suspended’, ‘unauthorised login attempt’ or ‘urgent action required’. If you are unsure if the request is legitimate, contact the company directly via their official website or official telephone number.

5. Unexpected Correspondence
The criminals understand exactly what makes us tick and what types of scams solicit the highest response rate. If you receive an email informing you that you have won a holiday or won a prize for a competition you did not enter, it’s highly likely to be a phishing email.

Sign up for our fortnightly newsletter at https://www.cyberradio.com/to keep up to date with the latest cyber security news and advice on how to keep you and your family safe online.

Subscribe to our Newsletter

Join the 1500 others and get our weekly or monthly newsletters.

We respect your privacy.

Leave this field empty if you're human:

About Us

Cyber Radio is a non-profit organisation that seeks to increase the knowledge of ordinary citizens to allow them to operate online in a more secure manner and to combine that with making them more cyber savvy in their workplace.